The visitor came directly to your site by typing the link into the browser's bar.

The visitor clicked a link on an https:// page and arrived at a http:// page, such as clicking a link to http://hypem.com on a https://gmail.com email. (Chrome will strip the referrer since you're downgrading security).

You were 301 redirected via a proxy that didn't maintain the referrer header.